mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 05:04:11 +03:00
quick fix
parent
c517e97a44
commit
ba2c06c9dc
|
@ -89,7 +89,7 @@ def urldecode(value, encoding=None):
|
|||
|
||||
return result
|
||||
|
||||
def urlencode(value, safe="%&=", convall=False, limit=False):
|
||||
def urlencode(value, safe="%&=", convall=False, limit=False, failsafe=True):
|
||||
if conf.direct or PLACE.SOAP in conf.paramDict:
|
||||
return value
|
||||
|
||||
|
@ -104,7 +104,7 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
|
|||
|
||||
# corner case when character % really needs to be
|
||||
# encoded (when not representing url encoded char)
|
||||
if all(map(lambda x: '%' in x, [safe, value])):
|
||||
if failsafe and all(map(lambda x: '%' in x, [safe, value])):
|
||||
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
|
||||
|
||||
while True:
|
||||
|
|
|
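Review bot: The `re.sub` call guarded by the new `failsafe` condition passes `re.DOTALL | re.IGNORECASE` as the fourth positional argument, which is `count` rather than `flags`, so at most 18 bare `%` characters are rewritten to `%25` and any later ones pass through unencoded. The pattern contains no `.` and its character class already lists both letter cases, so the flags can simply be dropped: `value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)`. The new `failsafe` parameter in the first hunk is also undocumented; a comment such as `# failsafe: encode a bare % (one not followed by two hex digits) as %25` would tell callers what they give up by passing False. The body of urlencode continues outside both hunks.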
@ -529,7 +529,7 @@ class Connect:
|
|||
# throughly without safe chars (especially & and =)
|
||||
# addendum: as we support url encoding in tampering
|
||||
# functions therefore we need to use % as a safe char
|
||||
payload = urlencode(payload, "%", False, True)
|
||||
payload = urlencode(payload, "%", False, True, not kb.tamperFunctions)
|
||||
value = agent.replacePayload(value, payload)
|
||||
elif place == PLACE.SOAP:
|
||||
# payloads in SOAP should have chars > and < replaced
|
||||
|
|
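Review bot: The call `urlencode(payload, "%", False, True, not kb.tamperFunctions)` switches the bare-% escaping off whenever any tamper function is loaded, whether or not that function actually emits percent-encoded output. A payload containing a literal `%` would then presumably be sent as an invalid escape sequence, which the receiving server may decode differently or reject. If that trade-off is intended, the comment block above the call should state it. The three positional booleans are also hard to read at the call site; `urlencode(payload, "%", convall=False, limit=True, failsafe=not kb.tamperFunctions)` makes the intent visible. The enclosing method of Connect starts and ends outside the hunk.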